The diamond model of intrusion analysis

S Caltagirone, A Pendergast, C Betz - Threat Connect, 2013 - threatintel.academy
This paper presents a novel model of intrusion analysis built by analysts, derived from years
of experience, asking the simple question, “What is the underlying method to our work?” The …

Why are my flows different? a tutorial on flow exporters

G Vormayr, J Fabini, T Zseby - IEEE Communications Surveys & …, 2020 - ieeexplore.ieee.org
Network flows build the basis of modern network data analysis by aggregating properties of
network packets with common characteristics. A consistent and unambiguous definition of …

Review of human decision-making during computer security incident analysis

JM Spring, P Illari - Digital Threats: Research and Practice, 2021 - dl.acm.org
We review practical advice on decision-making during computer security incident response.
Scope includes standards from the IETF, ISO, FIRST, and the US intelligence community. To …

RIHT: a novel hybrid IP traceback scheme

MH Yang, MC Yang - IEEE Transactions on Information …, 2012 - ieeexplore.ieee.org
Because the Internet has been widely applied in various fields, more and more network
security issues emerge and catch people's attention. However, adversaries often hide …

Passive internet measurement: Overview and guidelines based on experiences

W John, S Tafvelin, T Olovsson - Computer Communications, 2010 - Elsevier
Due to its versatility, flexibility and fast development, the modern Internet is far from being
well understood in its entirety. A good way to learn more about how the Internet functions is …

Fast packet inspection for end-to-end encryption

SY Kim, SW Yun, EY Lee, SH Bae, IG Lee - Electronics, 2020 - mdpi.com
With the recent development and popularization of various network technologies,
communicating with people at any time, and from any location, using high-speed internet …

Data reduction by identification and correlation of TCP/IP attack attributes for network forensics

ES Pilli, RC Joshi, R Niyogi - … & Workshop on Emerging Trends in …, 2011 - dl.acm.org
Network forensics is an alternate approach to security, which monitors network traffic, stores
the traces, detects anomalies, identifies the nature of attack, and investigates the source of …

On collection of large-scale multi-purpose datasets on internet backbone links

F Moradi, M Almgren, W John, T Olovsson… - Proceedings of the first …, 2011 - dl.acm.org
We have collected several large-scale datasets in a number of passive measurement
projects on an Internet backbone link belonging to a national university network. The …

Deep learning detection method of encrypted malicious traffic for power grid

L Chen, Y Jiang, X Kuang, A Xu - 2020 IEEE International …, 2020 - ieeexplore.ieee.org
The construction of digital power grid is the key task of China Southern Power Grid
Corporation. However, with the application of new technologies such as “cloud, big data and …

Human decision-making in computer security incident response

JM Spring - 2019 - discovery.ucl.ac.uk
Background: Cybersecurity has risen to international importance. Almost every organization
will fall victim to a successful cyberattack. Yet, guidance for computer security incident …